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Amendments to the Claims 



. (Currently Amended) A communication system, comprising: 
a communication network, including a plurality of nodes; 
a server connected to a first one or said the nodes; 
a client processor; 

a storage medium within said the client processor and to storing store a security 
system for connecting said the client processor to said the communication network for 
communication with said the server, wherein said the security system includes a 
transmission control protocol for to controlling communication between said the cUent 
processor and said the communication network; 

a security classifier fiar to coupling couple said the transmission control protocol 
to said the communication network, said the security classifier to d e t e rmining determine 
a security classification for said the client processor; 

a security association negotiator responsive to said the client processor opening a 
socket at a node of said the communication network, fer to corr e lating correlate the 
socket with a security association based on the determined security classification; and 

a network interceptor coupling said the client processor with said the transmission 
control protocol, and responsive to the socket being closed for deleting the security 
association , wherein the network interceptor responds to the socket being closed by 
determining whether any other socket is correlated with the security association, and if it 
is determined that no other socket is correlated with the security association, deleting the 
security association . 

Cancel claims 14 and 15. 

x^6. (Currently Amended) An article, comprising a storage medium having 
instructions stored thereon, the instructions when executed , provide for controlling a 
security association of a network communication between a local application having a 
socket and a remote application , th e local application having a sock e t, by monitoring a 
completion status of the communication; upon completion of the communication, closing 
the socket; and in response to the closing of the socket, terminating a correlation of the 
security association with the socket , wherein the correlation of the security association 
with the socket is terminated by determining whether any other socket is correlated with 
the security association, and if it is determined that no other socket is correlated with the 
security association, deleting the security association . 

Cancel claims 17 and 18. 

19. (Currently Amended) An article as claimed in claim 16, wherein the local 
application operates through a driver, and the correlation of the security association with 
the socket is includes t e rminat e d by notifying the driver that the security association is no 
longer needed, to cause the driver to terminate the correlation. 
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20. (New) The communication system of claim 13, wherein the network 
interceptor monitors all sockets protected by the security association. 

21. (New) The communication system of claim 13, wherein the network 
interceptor monitors when the socket is closed. 

/ 22. (New) A communication method comprising: 

monitoring a completion status of a network communication between a local 
application and a remote appUcation, wherein the local application utihzes a socket; 
upon completion of the network communication, closing the socket; and 
in response to the closing of the socket, terminating a correlation of the security 
association with the socket, wherein terminating the correlation of the security 
association with the socket comprises determining whether any other socket is correlated 
with the security association, and if it is determined that no other socket is correlated with 
the security association, deleting the security association. 

23. (New) The communication method of claim 22, wherein the local application 
operates through a driver, and terminating the correlation of the security association with 
f ^ the socket includes notifying the driver that the security association is no longer needed 
to cause the driver to terminate the correlation. 

/lA, (New) A communication method comprising: 
creating a socket for a local application to enable the local application to 
communicate with a remote application on a communication network; 
correlating the socket with a security association; 

performing the communication through the socket and the communication 
network; 

upon completion of the communication, closing the socket; and 
in response to the closing of the socket, terminating the correlation of the security 
association with the socket, wherein terminating the correlation of the security 
association with the socket comprises determining whether any other socket is correlated 
with the security association, and if it is determined that no other socket is correlated with 
the security association, deleting the security association. 

25. (New) The communication method of claim 24, wherein correlating the socket 
with the security association comprises: 

determining whether there is an active security association that would cover 
traffic for the socket; 

if it is determined that there is an active security association that would cover 
traffic for the socket, then correlating the socket with the active security association; 

if it is determined that there is not an active security association that would cover 
traffic for the socket, then: 

determining a new security association for traffic for the socket; 
giving the new security association to a network security driver; 
receiving a handle for the new security association from the network 
security driver; and 
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correlating the socket with the new security association of the handle. 

26. (New) The communication method of claim 24, wherein the local application 
operates through a driver, and terminating the correlation of the security association with 
the socket includes notifying the driver that the security association is no longer needed 
to cause the driver to terminate the correlation. 

^27. (New) A security system comprising: 

a transmission control protocol for controlling communication between a client 
application and a communication network; 

a security classifier for coupling the transmission control protocol to the 
communication network, the security classifier to determine a security classification for 
the client application; 

a security association negotiator responsive to the client application opening a 
socket at a node of the communication network, to correlate the socket with a security 
association based on the determined security classification; and 

a network interceptor coupling the client application with the transmission control 
protocol, and responsive to the socket being closed to terminate the correlation of the 
socket with the security association, wherein the network interceptor responds to the 
socket being closed by determining whether any other socket is correlated with the 
security association, and if it is determined that no other socket is correlated with the 
security association, to delete the security association. 

28. (New) The security system of claim 27, wherein the network interceptor 
monitors when the client application closes the socket. 



